There are four system security processes:
Enable Multiple Security Groups
Run this process when you first set up Security Groups Enabled security.
Generate Secure User
Run this process when you create a new security profile that references a reporting user.
Security List Maintenance
Run this process every night.
You run these processes using an HRMS responsibility from the Submit Request window.
Grant Permissions to Roles
This process is run automatically as part of the autoinstall process.
You must run the Enable Multiple Security Groups process if you set the Enable Security Groups profile option to Yes. This process must be run when:
You set up Security Groups Enabled security for the first time to enable HRMS to use multiple security group features.
You change from Standard HRMS security to Security Groups Enabled security. This ensures that all your existing business groups have security groups and all the multiple security group features are enabled.
Note: To avoid errors when running the Enable Multiple Security Groups process, make sure that you set the Enable Security Groups profile option to Yes at the Application level.
This process grants permissions to new reporting users. It grants the "hr_reporting_user" role to the REPORTING_ORACLE_USERNAME specified in the security profile.
Run this process when you have created a new security profile that references a reporting user. In the Submit Requests window, select the name of the new security profile. This is the only parameter for the process.
This process maintains the lists of organizations, positions, employees, contingent workers and applicants that security profile holders can access. You should schedule it to run every night to take account of changes made during the day to security profiles, organization and position structures, and person records. If a disruption, such as a power cut, occurs while the process is running, you can manually restart it from the Submit Request window.
Note: The PERSLM process replaces the earlier LISTGEN and GLISTGEN processes.
See also Running the Security List Maintenance Process
Attention: The Security List Maintenance process should normally run when there are no users logged on to the system. Users attached while this process is running may experience unexpected results; for example, additional employees may become visible or previously visible employees may disappear from view.
All reporting users in the system share access to a set of public synonyms for tables and views. Reporting users are granted permissions to make them usable. The Grant Permissions To Roles process creates these public synonyms and grants permissions to them.
Attention: The Grant Permissions to Roles process is unrelated to setting up workflow roles for Oracle products that support security by workflow.
This process runs automatically as part of the autoinstall process when you install HR, or when you upgrade the system.
The process creates public synonyms for each of the required HR objects and then grants SELECT permissions to the role 'hr_reporting_user'. Permissions are not granted on the secured tables, but only on the secure views of those tables. All permissions previously granted to the role are revoked before the new grants are made. This ensures that the correct grants exist for the valid HR objects.